A Survey of Role Mining

Published: 22 February 2016

Abstract

Role-Based Access Control (RBAC) is the most widely used model for advanced access control deployed in diverse enterprises of all sizes. RBAC critically depends on defining roles, which are a functional intermediate between users and permissions. Thus, for RBAC to be effective, an appropriate set of roles needs to be identified. Since many organizations already have user-permission assignments defined in some form, it makes sense to identify roles from this existing information. This process, known as role mining, is one of the critical steps for successful RBAC adoption in any enterprise. In recent years, numerous role mining techniques have been developed, which take into account the characteristics of the core RBAC model, as well as its various extended features. In this article, we comprehensively study and classify the basic problem of role mining along with its several variants and the corresponding solution strategies. Categorization is done on the basis of the nature of the target RBAC system, the objective of role mining, and the type of solution. We then discuss the limitations of existing work and identify new areas of research that can lead to further enrichment of this field.

      • Published in

        ACM Computing Surveys, Volume 48, Issue 4
        May 2016
        605 pages
        ISSN:0360-0300
        EISSN:1557-7341
        DOI:10.1145/2891449
        • Editor: Sartaj Sahni

        Copyright © 2016 ACM

        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 22 February 2016
        • Accepted: 1 December 2015
        • Revised: 1 August 2015
        • Received: 1 September 2014

        Qualifiers

        • survey
        • Research
        • Refereed
